General
-
Target
56c0a91b938a98ec4749b43c865780b7_JaffaCakes118
-
Size
264KB
-
Sample
241018-lr4q1azemg
-
MD5
56c0a91b938a98ec4749b43c865780b7
-
SHA1
8b550412699c2e01842324edc1d6eca1b9caf9be
-
SHA256
692d84102100a7a337cdb689336bd9a33d0e6a20f05d63e59d2816405ae6a3c1
-
SHA512
2d4daf7b87eb69942bf77a2eab871562696f1a37d67da7c23e5717eb89277390c1eacb2996cd7aeed292e62f38ebc7f0c0eadbdb8c0ebbc7236808a61022cba1
-
SSDEEP
6144:/0ml5jD9WSCUHt5/DrAU2PXsCV9YzaSeSnpK4Vod:Nn9HPNdAU2HjYWSeSnpK4Kd
Static task
static1
Behavioral task
behavioral1
Sample
56c0a91b938a98ec4749b43c865780b7_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcomet
Guest111
kostya05.no-ip.biz:1604
DC_MUTEX-FYA8SEH
-
gencode
4WSiBT0MEb4m
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
56c0a91b938a98ec4749b43c865780b7_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-